subproc: clear signal handlers in the child process

2017-10-18 12:33:24 +02:00 · 2017-10-18 12:33:24 +02:00 · 1b4577e53f
commit 1b4577e53f
parent 5f3b511e3f
6 changed files with 33 additions and 16 deletions
--- a/common.h
+++ b/common.h
@ -24,6 +24,7 @@

 #include <limits.h>
 #include <netinet/ip6.h>
+#include <signal.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <sys/queue.h>
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit b20d26848992cb14661f6fbccca6a82b1c2af546
+Subproject commit 2ae8e116e416539da66ed7170e246668df05e43e
--- a/nsjail.c
+++ b/nsjail.c
@ -76,20 +76,10 @@ static bool nsjailSetSigHandler(int sig)

 static bool nsjailSetSigHandlers(void)
 {
-	if (nsjailSetSigHandler(SIGINT) == false) {
+	for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+		if (!nsjailSetSigHandler(nssigs[i])) {
 			return false;
 		}
-	if (nsjailSetSigHandler(SIGUSR1) == false) {
-		return false;
-	}
-	if (nsjailSetSigHandler(SIGALRM) == false) {
-		return false;
-	}
-	if (nsjailSetSigHandler(SIGCHLD) == false) {
-		return false;
-	}
-	if (nsjailSetSigHandler(SIGTERM) == false) {
-		return false;
 	}
 	return true;
 }
--- a/nsjail.h
+++ b/nsjail.h
@ -23,6 +23,14 @@
 #ifndef NS_NSJAIL_H
 #define NS_NSJAIL_H

-#include "common.h"
+#include <signal.h>
+
+static const int nssigs[] = {
+	SIGINT,
+	SIGUSR1,
+	SIGALRM,
+	SIGCHLD,
+	SIGTERM,
+};

 #endif /* _NSJAIL_H */
--- a/subproc.c
+++ b/subproc.c
@ -109,12 +109,28 @@ static const char* subprocCloneFlagsToStr(uintptr_t flags)
 	return cloneFlagName;
 }

+/* Reset the execution environment for the new process */
+static bool subprocReset(void)
+{
+	for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+		if (signal(nssigs[i], SIG_DFL) == SIG_ERR) {
+			PLOG_W("signal(%s, SIG_DFL)", utilSigName(nssigs[i]));
+			return false;
+		}
+	}
+	return true;
+}
+
 static int subprocNewProc(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
 {
 	if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
 		exit(0xff);
 	}

+	if (!subprocReset()) {
+		exit(0xff);
+	}
+
 	if (pipefd == -1) {
 		if (userInitNsFromParent(nsjconf, getpid()) == false) {
 			LOG_E("Couldn't initialize net user namespace");
--- a/subproc.h
+++ b/subproc.h
@ -24,6 +24,8 @@

 #include "common.h"

+#include "nsjail.h"
+
 #include <inttypes.h>
 #include <unistd.h>